CVE-2018-5464

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/103182	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02	Third Party Advisory US Government Resource
https://www.usa.philips.com/healthcare/about/customer-support/product-security	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:philips:intellispace_portal:8.0:::::::*
	cpe:2.3:a:philips:intellispace_portal:9.0:::::::*

History

No history.

Information

Published : 2018-03-26 14:29

Updated : 2023-12-10 12:30

NVD link : CVE-2018-5464

Mitre link : CVE-2018-5464

CVE.ORG link : CVE-2018-5464

JSON object : View

Products Affected

philips

intellispace_portal

CWE

CWE-295

Improper Certificate Validation

CWE-310

Cryptographic Issues

{"id": "CVE-2018-5464", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-03-26T14:29:00.417", "references": [{"url": "http://www.securityfocus.com/bid/103182", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security", "tags": ["Vendor Advisory"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information."}, {"lang": "es", "value": "Philips IntelliSpace Portal, en todas las versiones 8.0.x y 7.0.x, contiene una vulnerabilidad de certificado SSL inseguro. Esto podr\u00eda permitir a un atacante obtener acceso no autorizado a recursos e informaci\u00f3n."}], "lastModified": "2019-10-09T23:41:24.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:philips:intellispace_portal:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "374B9A63-793D-41A1-A02F-4642031DA5FA"}, {"criteria": "cpe:2.3:a:philips:intellispace_portal:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "784EBE3C-D9CB-433E-BC1D-4403B3BAB6AA"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}